oidc-idp/internal/handlers/logout.go

/*
Copyright CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package handlers

import (
	"html/template"
	"log/slog"
	"net/http"

	client "github.com/ory/hydra-client-go/v2"

	"code.cacert.org/cacert/oidc-idp/internal/services"
)

type LogoutHandler struct {
	adminClient client.OAuth2API
	logger      *slog.Logger
}

func (h *LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	challenge := r.URL.Query().Get("logout_challenge")
	h.logger.Debug("received logout challenge", "challenge", challenge)

	logoutRequest, response, err := h.adminClient.GetOAuth2LogoutRequest(
		r.Context(),
	).LogoutChallenge(challenge).Execute()
	if err != nil {
		h.logger.Error("error getting logout requests", "error", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

		return
	}

	defer func() { _ = response.Body.Close() }()

	h.logger.Debug(
		"got response for GetOAuth2LogoutRequest",
		"response", response.Status, "logout_request", logoutRequest,
	)

	acceptLogoutRequest, response, err := h.adminClient.AcceptOAuth2LogoutRequest(
		r.Context(),
	).LogoutChallenge(challenge).Execute()
	if err != nil {
		h.logger.Error("accept logout request failed", "error", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	}

	defer func() { _ = response.Body.Close() }()

	h.logger.Debug(
		"got response for AcceptOAuth2LogoutRequest",
		"response", response.Status, "accept_logout_request", acceptLogoutRequest,
	)

	w.Header().Set("Location", acceptLogoutRequest.GetRedirectTo())
	w.WriteHeader(http.StatusFound)
}

func NewLogout(logger *slog.Logger, adminClient client.OAuth2API) *LogoutHandler {
	return &LogoutHandler{
		logger:      logger,
		adminClient: adminClient,
	}
}

type LogoutSuccessHandler struct {
	logger    *slog.Logger
	trans     *services.I18NService
	templates TemplateCache
}

func (h *LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)

		return
	}

	localizer := getLocalizer(h.trans, r)

	h.templates.render(h.logger, w, LogoutSuccessful, map[string]interface{}{
		"Title": h.trans.LookupMessage("LogoutSuccessfulTitle", nil, localizer),
		"Explanation": template.HTML(h.trans.LookupMarkdownMessage( //nolint:gosec
			"LogoutSuccessfulText",
			nil,
			localizer,
		)),
	})
}

func NewLogoutSuccess(
	logger *slog.Logger, templateCache TemplateCache, trans *services.I18NService,
) *LogoutSuccessHandler {
	return &LogoutSuccessHandler{logger: logger, trans: trans, templates: templateCache}
}
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`/*`
Update golangci-lint, fix warnings - remove copyright years - mark unused parameter with _ - add missing empty lines before expressions 2024-05-11 20:42:21 +00:00			`Copyright CAcert Inc.`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`SPDX-License-Identifier: Apache-2.0`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Small IDP refactoring - move internal code to internal directory - add translations for texts on missing email in client certificate page - add error handling for missing login_challenge request parameter - add Markdown support via goldmark - use https:// URLs in Apache license headers 2023-07-18 18:37:04 +00:00			`https://www.apache.org/licenses/LICENSE-2.0`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`*/`

			`package handlers`

			`import (`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`"html/template"`
Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`"log/slog"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`"net/http"`

Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`client "github.com/ory/hydra-client-go/v2"`
Fix golangci-lint config 2023-07-29 20:00:53 +00:00
			`"code.cacert.org/cacert/oidc-idp/internal/services"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`)`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`type LogoutHandler struct {`
Update dependencies 2024-05-11 20:27:22 +00:00			`adminClient client.OAuth2API`
Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`logger *slog.Logger`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`func (h LogoutHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`challenge := r.URL.Query().Get("logout_challenge")`
Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`h.logger.Debug("received logout challenge", "challenge", challenge)`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`logoutRequest, response, err := h.adminClient.GetOAuth2LogoutRequest(`
			`r.Context(),`
			`).LogoutChallenge(challenge).Execute()`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`if err != nil {`
Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`h.logger.Error("error getting logout requests", "error", err)`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`return`
			`}`

Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`defer func() { _ = response.Body.Close() }()`

Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`h.logger.Debug(`
			`"got response for GetOAuth2LogoutRequest",`
			`"response", response.Status, "logout_request", logoutRequest,`
			`)`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`acceptLogoutRequest, response, err := h.adminClient.AcceptOAuth2LogoutRequest(`
			`r.Context(),`
			`).LogoutChallenge(challenge).Execute()`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`if err != nil {`
Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`h.logger.Error("accept logout request failed", "error", err)`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`}`

Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`defer func() { _ = response.Body.Close() }()`

Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`h.logger.Debug(`
			`"got response for AcceptOAuth2LogoutRequest",`
			`"response", response.Status, "accept_logout_request", acceptLogoutRequest,`
			`)`
Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00
			`w.Header().Set("Location", acceptLogoutRequest.GetRedirectTo())`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`w.WriteHeader(http.StatusFound)`
			`}`

Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`func NewLogout(logger slog.Logger, adminClient client.OAuth2API) LogoutHandler {`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`return &LogoutHandler{`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`logger: logger,`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`adminClient: adminClient,`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`
			`}`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`type LogoutSuccessHandler struct {`
Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`logger *slog.Logger`
Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`trans *services.I18NService`
			`templates TemplateCache`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`

Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`func (h LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`if r.Method != http.MethodGet {`
			`http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)`

			`return`
			`}`

Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`localizer := getLocalizer(h.trans, r)`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00
Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`h.templates.render(h.logger, w, LogoutSuccessful, map[string]interface{}{`
			`"Title": h.trans.LookupMessage("LogoutSuccessfulTitle", nil, localizer),`
			`"Explanation": template.HTML(h.trans.LookupMarkdownMessage( //nolint:gosec`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`"LogoutSuccessfulText",`
			`nil,`
			`localizer,`
			`)),`
			`})`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`

Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`func NewLogoutSuccess(`
Switch logging to slog This commit replaces logrus with slog from the Go standard library. 2024-05-11 23:07:34 +00:00			`logger slog.Logger, templateCache TemplateCache, trans services.I18NService,`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`) *LogoutSuccessHandler {`
Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`return &LogoutSuccessHandler{logger: logger, trans: trans, templates: templateCache}`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`